-rw-r--r--pcr/openswan/PKGBUILD43
-rwxr-xr-xpcr/openswan/openswan43
-rwxr-xr-xpcr/openswan/openswan.service13
-rw-r--r--pcr/strongswan/CHANGELOG20
-rw-r--r--pcr/strongswan/PKGBUILD34
5 files changed, 120 insertions, 33 deletions
diff --git a/pcr/openswan/PKGBUILD b/pcr/openswan/PKGBUILD
index bae970025..97cea98e6 100644
--- a/pcr/openswan/PKGBUILD
+++ b/pcr/openswan/PKGBUILD
@@ -1,24 +1,23 @@
-# Contributor: Jan Fader <jan.fader@web.de>
+# Contributor: xjpvictor Huang <ke [AT] xjpvictor [DOT] info>
pkgname=openswan
-pkgver=2.6.36
-pkgrel=2
+pkgver=2.6.38
+pkgrel=1
pkgdesc="Open Source implementation of IPsec for the Linux operating system"
url="http://www.openswan.org"
license=('GPL' 'custom')
-arch=('i686' 'x86_64' 'mips64el')
-depends=('iproute' 'gmp' 'perl')
+arch=('i686' 'x86_64')
+depends=('iproute2>=2.6.8' 'gmp' 'perl')
+makedepends=('flex' 'bison')
+conflicts=('ipsec-tools' 'openswan')
+provides=('openswan')
backup=(etc/ipsec.conf \
etc/ipsec.d/policies/{block,clear,clear-or-private,private,private-or-clear})
-source=(http://www.openswan.org/download/openswan-$pkgver.tar.gz
- openswan.rc.d
- compile.patch)
+source=(http://download.openswan.org/openswan/openswan-$pkgver.tar.gz
+ openswan
+ openswan.service)
build() {
- # Create /etc/rc.d for init script, and license directory
- mkdir -p $pkgdir/{etc/rc.d,usr/share/licenses/openswan}
-
cd $srcdir/openswan-$pkgver
- patch -p1 -i $srcdir/compile.patch
# Change install paths to Arch defaults
sed -i 's|/usr/local|/usr|;s|libexec/ipsec|lib/openswan|' Makefile.inc
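Review bot: The new `source=` URL is plain `http://`, and the only integrity check is the `md5sums` array updated in the next hunk, so the tarball for an IPsec daemon is protected by MD5 alone with nothing on the transport. MD5 is not collision-resistant; a stronger array alongside it, e.g. `sha256sums=('<sha256-of-openswan-tarball>' ...)`, plus verification of the upstream signature where one is published, would close that gap. The strongswan PKGBUILD later in this commit updates its `md5sums` for an `http://` tarball in the same way. Separately, `conflicts=` and `provides=` both list `openswan`, the package's own name, which looks redundant.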
@@ -26,21 +25,27 @@ build() {
make USE_XAUTH=true USE_OBJDIR=true programs
}
-package(){
+package() {
cd $srcdir/openswan-$pkgver
+
+ # Create /etc/rc.d for init script, and license directory
+ mkdir -p $pkgdir/{etc/rc.d,usr/share/licenses/openswan}
make DESTDIR=$pkgdir install
# Change permissions in /var
- chmod 755 $pkgdir/var/run/pluto
-
+ chmod 700 $pkgdir/var/run/pluto
+
# Copy License
cp LICENSE $pkgdir/usr/share/licenses/openswan
-
+
# Install init script
- install -Dm755 ../openswan.rc.d $pkgdir/etc/rc.d/openswan
+ install -Dm755 ../openswan $pkgdir/etc/rc.d/openswan
+ install -Dm644 ../openswan.service $pkgdir/usr/lib/systemd/system/openswan.service
+ mkdir $pkgdir/usr/lib/systemd/scripts/
+ cp $pkgdir/etc/rc.d/ipsec $pkgdir/usr/lib/systemd/scripts/ipsec
# fix manpages
mv $pkgdir/usr/man $pkgdir/usr/share/
}
-md5sums=('b3a1733493520bb18729633b62ef8247'
+md5sums=('13073eb5314b83a31be88e4117e8bbcd'
'543d84162761b9cc9ec319e938c4dd2a'
- '5540437bb334873da646e21ac9caa963')
+ 'd8b465c10838c72e31329d65011002b6')
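Review bot: The `mkdir`/`cp` pair that populates `usr/lib/systemd/scripts` leaves the mode of the script that openswan.service executes to whatever `cp` produces under the build umask. The bare `mkdir` also works only because the preceding `install -D` happened to create `usr/lib/systemd`. One line does both with an explicit mode: `install -Dm755 "$pkgdir/etc/rc.d/ipsec" "$pkgdir/usr/lib/systemd/scripts/ipsec"`. The other new lines in `package()` also expand `$pkgdir` unquoted, as does the new `package()` in the strongswan PKGBUILD, so a build path containing spaces would be word-split; quoting them is cheap.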
diff --git a/pcr/openswan/openswan b/pcr/openswan/openswan
new file mode 100755
index 000000000..30bd0d56e
--- /dev/null
+++ b/pcr/openswan/openswan
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+. /etc/rc.conf
+. /etc/rc.d/functions
+
+case "$1" in
+ start)
+ stat_busy "Starting Openswan IPsec"
+ /etc/rc.d/ipsec --start
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ add_daemon openswan
+ fi
+ ;;
+ stop)
+ stat_busy "Stopping Openswan IPsec"
+ /etc/rc.d/ipsec --stop
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ rm_daemon openswan
+ fi
+ ;;
+ restart)
+ stat_busy "Restarting Openswan IPsec"
+ /etc/rc.d/ipsec --restart
+ if [ $? -gt 0 ]; then
+ stat_fail
+ else
+ stat_done
+ add_daemon openswan
+ fi
+ ;;
+ status)
+ /etc/rc.d/ipsec --status
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart|status}"
+esac
+
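Review bot: None of the branches sets an exit status: after `stat_fail` the script falls through to the end, and the usage branch (which also lacks a closing `;;`) only echoes. What the caller sees therefore depends on whatever the last helper returned. Testing the command directly and exiting explicitly makes a failed start or stop visible, e.g. `if /etc/rc.d/ipsec --start; then stat_done; add_daemon openswan; else stat_fail; exit 1; fi`, with `exit 1` after the usage message as well. `stat_fail` comes from `/etc/rc.d/functions`, which is not shown here, so its return value is an assumption to confirm.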
diff --git a/pcr/openswan/openswan.service b/pcr/openswan/openswan.service
new file mode 100755
index 000000000..6d899705c
--- /dev/null
+++ b/pcr/openswan/openswan.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Openswan daemon
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/lib/systemd/scripts/ipsec --start
+ExecStop=/usr/lib/systemd/scripts/ipsec --stop
+ExecReload=/usr/lib/systemd/scripts/ipsec --restart
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
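Review bot: `Type=forking` is declared without `PIDFile=`, so systemd has to guess which process is the main daemon once `ipsec --start` returns, and `Restart=always` then acts on that guess. Pointing the unit at the daemon's pid file with `PIDFile=<path-to-pluto-pid-file>` lets the restart logic track the real process; `Restart=on-failure` is worth considering so that a clean exit is not restarted. `ExecReload=` runs `--restart`, which presumably tears the service down rather than reloading configuration, so `systemctl reload` may interrupt established tunnels; confirm against what the `ipsec` script does for `--restart`.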
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
new file mode 100644
index 000000000..a798a08c4
--- /dev/null
+++ b/pcr/strongswan/CHANGELOG
@@ -0,0 +1,20 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+ Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+ Before the fix, if the openssl plugin's ECDSA signature verification was used,
+ due to a misinterpretation of the error code returned by the OpenSSL
+ ECDSA_verify() function, an empty or zeroed signature was accepted as a
+ legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+ was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+ TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+ requests.
+
+- The openssl plugin can now use the openssl-fips library.
diff --git a/pcr/strongswan/PKGBUILD b/pcr/strongswan/PKGBUILD
index ed603e5c2..975e7a21f 100644
--- a/pcr/strongswan/PKGBUILD
+++ b/pcr/strongswan/PKGBUILD
@@ -7,24 +7,27 @@
# Maintainer: dkorzhevin <dkorzhevin at gmail dot com>
pkgname=strongswan
-pkgver=5.0.1
-pkgrel=2
+pkgver=5.0.4
+pkgrel=5
pkgdesc="open source IPsec implementation"
url='http://www.strongswan.org'
license=("GPL")
-arch=('i686' 'x86_64' 'mips64el')
-depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite3')
+arch=('i686' 'x86_64')
+depends=('curl' 'gmp' 'iproute2' 'openssl' 'sqlite')
conflicts=('openswan')
options=(!libtool)
backup=(etc/ipsec.conf etc/strongswan.conf)
source=(http://download.strongswan.org/${pkgname}-${pkgver}.tar.bz2 strongswan.rc::https://gist.github.com/raw/3106703/96d2ce9683f1e33ef14c679880ddc298e9673508/strongswan.rc)
-md5sums=('58fdeb49f133139a58f4d8adafc69a16'
+changelog='CHANGELOG'
+md5sums=('0ab0397b44b197febfd0f89148344035'
'cf815adef48a1ffee34517380c731277')
-
build() {
- cd ${srcdir}/${pkgname}-${pkgver} || return 1
+ cd ${srcdir}/${pkgname}-${pkgver}
- ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib --with-ipsecdir=/usr/lib/strongswan \
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib \
+ --with-ipsecdir=/usr/lib/strongswan \
--enable-sqlite \
--enable-openssl --enable-curl \
--enable-sql --enable-attr-sql \
@@ -34,12 +37,15 @@ build() {
--enable-eap-gtc --enable-eap-aka --enable-eap-aka-3gpp2 \
--enable-eap-mschapv2 --enable-eap-radius --enable-xauth-eap \
--enable-ha \
- --disable-mysql --disable-ldap || return 1
+ --disable-mysql --disable-ldap
- make || return 1
- make DESTDIR=${pkgdir} install || return 1
+ make
+}
- install -d ${pkgdir}/etc/rc.d || return 1
- ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec || return 1
- install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan || return 1
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR=${pkgdir} install
+ install -d ${pkgdir}/etc/rc.d
+ ln -s /usr/sbin/ipsec ${pkgdir}/etc/rc.d/ipsec
+ install -Dm755 ${srcdir}/strongswan.rc ${pkgdir}/etc/rc.d/strongswan
}